128-bit SSL question

Similar Messages

• Updating an intermediate CA for a 128 bit SSL cert

  We found a 128 bit SSL cert that was affected by the Verisign server shutdown on 1/7/2004. I need to update the intermediate CA for a 5.1 and 6.1 Web Logic server. Where can I find information on how to do this?
  Thanks.

  download from
  http://www.verisign.com/support/roots.html
  Scott Stanforth <[email protected]> wrote:
  We found a 128 bit SSL cert that was affected by the Verisign server
  shutdown on 1/7/2004. I need to update the intermediate CA for a 5.1
  and 6.1 Web Logic server. Where can I find information on how to do
  this?
  Thanks.

• CSS 40/128 bit SSL recognition

  Is it possible for a CSS (11501 SSL) to detect the browser version of an incoming client to see if he is able to do 128 bit SSL or only 40 bit SSL? Is that in the HTTP header, if so, where / which string / ...?
  Thanks for any helpful comment,
  Uli

  the CSS in general can detect the browser type with the command 'header-field-group' and the 'header-field user-agent ...'
  Otherwise, when you define your ssl-server, you need to specify the cipher mode accepted by the module.
  You can list 40 bits cypher modes and 128 bits cipher modes.
  The SSL protocol will negotiate the best one.
  Gilles

• Does firefox browser support 128-bit SSL?

  I am trying to access a bank i work for who just upgraded their system.

  Firefox supports 256 bit since 2002 in Firefox 2, so 128 bit is no problem.
  * https://www.fortify.net/sslcheck.html
  If websites complain about 128 bit encryption not available then that can be caused by the "U;" that is no longer present in the Firefox 4 user agent.
  *http://en.wikipedia.org/wiki/User_agent#Encryption_strength_notations
  You can see the current user agent on the Help > Troubleshooting Information page.
  You can try to add "U;" via variations for the user agent setting like posted below via the pref general.useragent.override to see if that works.
  If you update Firefox then you need to adjust the Gecko (rv:) and Firefox version to reflect the currently installed version.
  Some examples (Vista is 6.0 - Windows 7 is 6.1):
  * Mozilla/5.0 (Windows NT 6.0; U; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
  * Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
  * User Agent Switcher: https://addons.mozilla.org/firefox/addon/59

• SSL 128 bits on OAS 4.0.8.1 for LINUX ?

  We used to use the solaris version. To reduce cost, we are moving to Linux. Before, when you needed 128 bits security, you had to order a special patch from tech support.
  The linux version we received is the export version and it is NOT 128 bits SSL.
  Does 128 bits SSL exist ?
  Also, LINUX support from oracle seems REALLY BAD. I'm wondering if we're doing a nice move here... ?
  Thanks
  null

  After I fixed some of the things I broke while searching for the wrksf failure, the PL/SQL Cartridge now works for me too. And, after failing to get the DB Browser to work by loading it into the SCOTT schema, I got it to work by loading it into SYS. (SCOTT can't see the DBA_* views so loading the DB Browser into the database failed.) I haven't tried any Java Servlets yet, but that's next on my list.
  If you want to try my wrksf workaround, rather than using Christoph's, here's how you can do it.
  1. Backup liborb.so in the $ORACLE_HOME/orb/4.0/lib directory, just in case something goes wrong.
  2. Using a hex editor, such as emacs hexl-find-file or ghex, to edit liborb.so, find the string "/proc/stat".
  3. Change the directory, "/proc" to something like "/pfoo" and write the shared library file back to liborb.so. You now have the required modified liborb.so.
  4. Make the /pfoo directory and cp /proc/stat /pfoo.
  5. Edit /pfoo/stat and duplicate the first line, which should be the cpu line. This will let the metrics parser handle it. Make sure that /pfoo/stat has read access.
  Of course, the values that the metrics code gets are now bogus, but that does not seem to be a fatal problem.
  Hopefully somebody from Oracle is reading this and the real fix will be in the mail soon.

• Problems with IE and 128-bit encryption

  Hello. I'm having a problem with 128-bit SSL and Internet Explorer.
  I'm using WebLogic 5.1 (128-bit build) and a Verisign certificate.
  We're seeing some strange behavior with Internet Explorer. It seems to
  work fine from some machines, but doesn't work from others. On the ones
  that it doesn't work, it gives the "The page cannot be displayed"
  message. I've tried this with IE 4.0.1 (with 128-bit patch) and IE 5.5
  (128-bit by default) and have the same problems with both. We're seeing
  this problem across various Windows operating systems, but aren't seeing
  any pattern there. Any ideas as to what might be the problem?
  Thanks in advance,
  Steve

  This forum is for Microsoft Exchange.  Consider posting your question in the most appropriate Windows 8.1 forum here:
  http://social.technet.microsoft.com/Forums/windows/en-US/home?category=w8itpro
  Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

• XI - 128 Bit encryption

  Whether XI (3.0, SP 16) is capable of doing 128 bit SSL Encryption? We are in the process of making a bridge with our external partners (B2B).
  We want to install Certificates, and want to do the Encryption?
  Who will install the Certificates? From where we can buy these certificates?
  Who will do this process?
  What are all the other points that we need to remember when we do this 128 bit Encryption?
  Thanks

  Hi,
  SSL is supported by WebAS, and XI is just an application on top of it.  The certificates are entered using the Visual Administrator, and also in the ABAP environment, depending on whether you also plan to use it with the SOAP adapter.  The configuration is normally done by the basis person.
  128-bit is supported.  You can get certificates from various providers, e.g. Verisign.  To work with a partner who has an user certificate, that user will have to provide you with his public certificate.
  The XI Configuration Guide that comes with the installation CD have the instructions.  Also, you can access that following weblogs for additional info:
  /people/gregor.wolf3/blog/2005/10/11/setup-https-ssl-for-the-sneak-preview-sap-netweaver-04-abap-edition-on-windows
  /people/thomas.jung3/blog/2005/05/13/calling-webservices-from-abap-via-https
  Regards,
  Bill

• Problems with IE and 128-bit encryption -- correction

  Repost with corrected e-mail address -- sorry!
  Hello. I'm having a problem with 128-bit SSL and Internet Explorer.
  I'm using WebLogic 5.1 (128-bit build) and a Verisign certificate.
  We're seeing some strange behavior with Internet Explorer. It seems to
  work fine from some machines, but doesn't work from others. On the ones
  that it doesn't work, it gives the "The page cannot be displayed"
  message. I've tried this with IE 4.0.1 (with 128-bit patch) and IE 5.5
  (128-bit by default) and have the same problems with both. We're seeing
  this problem across various Windows operating systems, but aren't seeing
  any pattern there. Any ideas as to what might be the problem?
  Thanks in advance,
  Steve

  The Mozilla browsers which include Firefox has supported 256-bit even encryption for a long time now.
  The issue could perhaps be the e-qip site is still looking for the old obsolete '''U''' in the useragent which was used to specify the encryption strength of 128-bit though 256-bit has been supported for a long while already at time by Mozilla applications. This "U" was removed in Firefox useragent as of 4.0 which was released March 22nd, 2011. The old 3.6.x was the last to have it.
  http://en.wikipedia.org/wiki/User_agent#Encryption_strength_notations
  https://hacks.mozilla.org/2010/09/final-user-agent-string-for-firefox-4/

• Upgrading to 128-bit encryption

  Hello,I would like to know what steps are necessary to upgrade to 128 bit SSL encryption from 40 bit?Currently we have a valid commercial license with key for Tengah/SSL, expiration=never.Any info is greatly appreciated.Thanks,Rick Ellmakeremail: [email protected]

  Hi Arshad,
  You have to make sure that you are using the domestic version of WLS(full
  strength) and when weblogic
  boots up it gets the correct license for SSL128. By any chance, if
  configuration is wrong it will spit out
  error message at srart up.
  (NOTE : make sure you use domestic version of Service pack if needed.)
  -utpal
  "Arshad Aziz (Verizon)" <[email protected]> wrote in message
  news:3c8e2136$[email protected]..
  I currently have weblogic 5.1 running. Need to upgrade to 5.1 with 128 bitencryption. Already have the SSL and SSL128 Tenga keys for it. Alos have the
  new build for the 128 bit.
  >
  Do, I just add these SSL128 keys to the existing PRODUCT keys that I haverunning on the machine after installing the new build ?? Or do I need new
  Product keys for the 128 bit encryptions also.

• SSL - 128 bit encryption instead of 40 bit?

  Hi,
  I setup my Tomcat 4.0.3 server to use SSL as directed in a book on servlets that I bought from sun press. Everything works fine, the server starts with SSL support and you can access it with https:, download the cert, etc. I downloaded jsse 1.0.2 jar files and put them into my /jre/lib/ext/ dir as directed and created the keystore for the key with:
  keytool -genkey -alias tomcat -keyalg RSA -validity 730
  also directed by the book.
  My problem is that the keys generated are using 40 bit encryption instead of strong 128. I want to make the site as secure as possible and I'm wondering how to do that. I followed the directions exactly, downloaded the version of jsse for us/canada and yet my certs still say that they were encrypted with 40 bit not 128 bit encryption.
  Mike

  My problem is that the keys generated are using 40 bit
  encryption instead of 128. What client do you use to connect to Tomcat?
  If the client does not support 128 bit keys for RC4, the browser
  and SSL 3.0 may negotiate a weaker session encryption key,
  in your case 40 bit.
  I don't use Tomcat, but with my web server you can configure
  the SSL protocol versions it accepts, and the ciphers it accepts;
  ie I can switch off everything other than RC4-128. -- Can the same
  thing be done in Tomcat, and how can it be done?

• SSL, 128-bit encryption problem

  Hi
  I need to establish a connection over SSL with 128-bit encryption from my
  client application to Active Directory. But when a connection is established
  I look at the System log and see the cipher strength is only 56.
  Does anybody have an idea how can I raise the cipher strength?
  Thanks

  Sorry,
  It was my fault. I used 56-bit SDK. After upgrade all is perfect.
  "Gennady" <[email protected]> wrote in message
  news:9mgd4d$[email protected]..
  Hi
  I need to establish a connection over SSL with 128-bit encryption from my
  client application to Active Directory. But when a connection isestablished
  I look at the System log and see the cipher strength is only 56.
  Does anybody have an idea how can I raise the cipher strength?
  Thanks

• WLS 5.1/128-bit w/1024/128 certificate SSL connections fail

  We have a 128-bit version of WLS 5.1 with the 128-bit SP8. SSL connections work with our original low-strength certificate, reporting during startup that it is "Using low strength SSL". If we replace the key/certificate pair with a new 128-bit version, SSL connections no longer work. The ciphersuites list has all of the supported suites in it. There are no exceptions or other problems reported in the log, but browsers fail to connect via SSL. I've not seen anything obvious online that suggests what may be misconfigured.
  Thanks in advance for any insights.

  I found that Netscape is reporting that the problem is an "Incorrect Message Authentication Code". What else do I need to change beyond replacing the key and certificate? Thanks.

• Going from 128-bit to 256-bit encryption

  Hello all,
  This is my first post here so please be gentle.
  I'm a tech manager who inherited an undocumented environment and have a question regarding upgrading the encryption on our 6.1 iPlanet instances from 128-bit to 256-bit.
  I've searched through the documentation and I can't seem to get a clear answer.
  1. To upgrade to 256-bit do I just need to update the following line in my obj.conf file:
  PathCheck fn="ssl-check" secret-keysize="128"
  to
  PathCheck fn="ssl-check" secret-keysize="256"
  2. Are there any dependencies for making this change such as generating a new SSL cert?
  Thanks in advance - Bill

  Here is some documentation about ssl-check :
  http://docs.sun.com/app/docs/doc/820-2203/abujv?l=en&a=view&q=ssl-check
  The ssl-check function is used along with a Client tag to limit
  access of certain directories to non-exportable browsers. If a
  restriction is selected that is not consistent with the current cipher
  settings, this function displays a warning that ciphers with larger
  secretkeysizes must be enabled.
  secret-keysize (Optional) Minimum number of bits required in the secret key.
  Which version of 6.1 Server are you using?
  $cd <web-server-install-dir>/<web-server-instance-dir>/
  $start -versionCan you send your server.xml settings?
  Assuming your machine is foo.bar.test.com
  $cd alias
  $../bin/https/admin/bin/certutil -L -d . -p  https-foo.bar.test.com-foo-displays the server's certificate nickname lets say it is Server-Cert
  Then try to get the certificate details in ascii format
  $../bin/https/admin/bin/certutil -n Server-Cert -p https-foo.bar.test.com-foo-It will show something like :
  Certificate:
      Data:
          Version: 3 (0x2)
          Serial Number: .... (0x...)
          Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
          Issuer: "CN=..."
          Validity:
              Not Before: .... 2008
              Not After : .... 2018
          Subject: "CN=..."
          Subject Public Key Info:
              Public Key Algorithm: PKCS #1 RSA Encryption
              RSA Public Key:
                  Modulus:
                      bd:10:c2:e0:bc:ad:fd:e6:75:ce:86:82:51:de:bf:37:
                      51:05:06:89:db:c2:6d:0c:31:f4:19:32:90:59:77:c1:
                      a0:6c:ef:88:54:ed:f8:d3:d2:6a:f7:22:f4:c6:95:60:
                      06:3a:64:f3:e4:0c:09:f4:37:c6:44:e7:d4:37:5a:4d
                  Exponent: 65537 (0x10001)
  ...Each line in Modulus section corresponds to 128 bits. In my case I have 4 lines, so my certificates key size is 4*128 = 512 bits.
  Can you send your modulus info i.e key size with which your certificates were created?
  Edited by: mv on Feb 8, 2008 9:28 AM

• I am currently using a desk top imac with firefox as the browser. I need to access a website that requires 128 bit encryption. How do I increase bit encryption?

  when I log into view my accounts, a pop up asks me to use either explorer or netscape with 128 bit encryption. since i use a mac, i do not have either. can i up the encryption using firefox?

  https://support.mozilla.com/en-US/questions/903234
  see also SSL Encryption Report( fortify net) in '''cor-el''' reply, in support.mozilla link inside the above link.
  thank you

• Windows 8.1 Pro Bitlocker AES 256-bit cypher question

  Hi, all
  Have an odd situation I cannot make any sense of. I have a desktop PC running Windows 8.1 Pro. I launched gpedit.msc and changed Bitlocker’s cypher strength from the default AES 128-bit to AES 256-bit.
  I then connected a brand new Western Digital 4TB external drive (model WDBFJK0040HBK-04) to the PC via USB 3.0, and Bitlocker-encrypted the drive. Opened a command prompt window as administrator, ran “manage-bde –status” for the drive in question,
  which indicated the drive was encrypted with the 128 bit cypher strength, instead of 256 bits, as I had selected. Have unencrypted, rebooted and re-encrypted the drive time and again, always with the same results.
  When connecting the same external 4TB drive to a Windows Server 2012 R2 Essentials in which I had made the exact same changes via gpedit.msc,
  I can encrypt it with the 256-bit cypher strength, with no problems.
  No TPM is used in either scenario, just a passphrase.
  Anyone has any idea why my 256-bit setting is being ignored in the Windows 8.1 Pro machine?
  Thanks
  Arsene
  ArseneL

  Well, running rsop.msc in my Server 2012 R2 machine does show my 256-bit bitlocker setting took, however, running rsop.msc in my Win 8.1 Pro machine shows it did not, which explains the problem I am having.
  Now all I have to do is find out why my request is not taking, even though I am logged in as an admin.
  Thanks!!
  ArseneL